Example 1 with Authentication

Use of io.gravitee.am.identityprovider.api.Authentication in project gravitee-access-management by gravitee-io.

In class UserAuthenticationServiceTest, method shouldLoadPreAuthenticatedUser_subjectRequest_enhance_defer.

@Test
public void shouldLoadPreAuthenticatedUser_subjectRequest_enhance_defer() {
    final User existingUser = new User();
    existingUser.setId(UUID.randomUUID().toString());
    existingUser.setUsername("username");
    existingUser.setAccountNonLocked(true);
    var request = mock(Request.class);
    when(userService.findById(existingUser.getId())).thenReturn(Maybe.just(existingUser));
    when(identityProviderManager.get(any())).thenReturn(Maybe.just(new AuthenticationProvider() {

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(Authentication authentication) {
            return Maybe.empty();
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(String username) {
            return Maybe.empty();
        }
    }));
    when(userService.enhance(existingUser)).thenReturn(Single.just(existingUser));
    TestObserver<User> testObserver = userAuthenticationService.loadPreAuthenticatedUser(existingUser.getId(), request).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertValue(user1 -> user1.equals(existingUser));
}

Also used: User (io.gravitee.am.model.User), Authentication (io.gravitee.am.identityprovider.api.Authentication), AuthenticationProvider (io.gravitee.am.identityprovider.api.AuthenticationProvider), Test (org.junit.Test)

Example 2 with Authentication

Use of io.gravitee.am.identityprovider.api.Authentication in project gravitee-access-management by gravitee-io.

In class UserAuthProviderImpl, method authenticate.

@Override
public void authenticate(RoutingContext context, JsonObject authInfo, Handler<AsyncResult<User>> handler) {
    String username = authInfo.getString(USERNAME_PARAMETER);
    String password = authInfo.getString(PASSWORD_PARAMETER);
    String clientId = authInfo.getString(Parameters.CLIENT_ID);
    String ipAddress = authInfo.getString(Claims.ip_address);
    String userAgent = authInfo.getString(Claims.user_agent);
    parseClient(clientId, parseClientHandler -> {
        if (parseClientHandler.failed()) {
            logger.error("Authentication failure: unable to retrieve client " + clientId, parseClientHandler.cause());
            handler.handle(Future.failedFuture(parseClientHandler.cause()));
            return;
        }
        // retrieve the client (application)
        final Client client = parseClientHandler.result();
        // end user authentication
        SimpleAuthenticationContext authenticationContext = new SimpleAuthenticationContext(new VertxHttpServerRequest(context.request().getDelegate()));
        final Authentication authentication = new EndUserAuthentication(username, password, authenticationContext);
        authenticationContext.set(Claims.ip_address, ipAddress);
        authenticationContext.set(Claims.user_agent, userAgent);
        authenticationContext.set(Claims.domain, client.getDomain());
        userAuthenticationManager.authenticate(client, authentication).subscribe(user -> handler.handle(Future.succeededFuture(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(user))), error -> handler.handle(Future.failedFuture(error)));
    });
}

Also used: Authentication (io.gravitee.am.identityprovider.api.Authentication), EndUserAuthentication (io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication), User (io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User), SimpleAuthenticationContext (io.gravitee.am.identityprovider.api.SimpleAuthenticationContext), Client (io.gravitee.am.model.oidc.Client), VertxHttpServerRequest (io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)

Example 3 with Authentication

Use of io.gravitee.am.identityprovider.api.Authentication in project gravitee-access-management by gravitee-io.

In class UserAuthenticationManagerTest, method shouldAuthenticateUser_singleIdentityProvider.

@Test
public void shouldAuthenticateUser_singleIdentityProvider() {
    Client client = new Client();
    client.setClientId("client-id");
    client.setIdentityProviders(getApplicationIdentityProviders(true, "idp-1"));
    IdentityProvider identityProvider = new IdentityProvider();
    identityProvider.setId("idp-1");
    when(identityProviderManager.getIdentityProvider("idp-1")).thenReturn(identityProvider);
    when(passwordService.checkAccountPasswordExpiry(any(), any(), any())).thenReturn(false);
    when(userAuthenticationService.connect(any(), eq(true))).then(invocation -> {
        io.gravitee.am.identityprovider.api.User idpUser = invocation.getArgument(0);
        User user = new User();
        user.setUsername(idpUser.getUsername());
        return Single.just(user);
    });
    when(identityProviderManager.get("idp-1")).thenReturn(Maybe.just(new AuthenticationProvider() {

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(Authentication authentication) {
            return Maybe.just(new DefaultUser("username"));
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(String username) {
            return Maybe.empty();
        }
    }));
    TestObserver<User> observer = userAuthenticationManager.authenticate(client, new Authentication() {

        @Override
        public Object getCredentials() {
            return null;
        }

        @Override
        public Object getPrincipal() {
            return "username";
        }

        @Override
        public AuthenticationContext getContext() {
            return null;
        }
    }).test();
    observer.assertNoErrors();
    observer.assertComplete();
    observer.assertValue(user -> user.getUsername().equals("username"));
    verify(eventManager, times(1)).publishEvent(eq(AuthenticationEvent.SUCCESS), any());
}

Also used: DefaultUser (io.gravitee.am.identityprovider.api.DefaultUser), User (io.gravitee.am.model.User), AuthenticationProvider (io.gravitee.am.identityprovider.api.AuthenticationProvider), IdentityProvider (io.gravitee.am.model.IdentityProvider), ApplicationIdentityProvider (io.gravitee.am.model.idp.ApplicationIdentityProvider), Authentication (io.gravitee.am.identityprovider.api.Authentication), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 4 with Authentication

Use of io.gravitee.am.identityprovider.api.Authentication in project gravitee-access-management by gravitee-io.

In class UserAuthenticationManagerTest, method shouldAuthenticateUser_multipleIdentityProvider.

@Test
public void shouldAuthenticateUser_multipleIdentityProvider() {
    Client client = new Client();
    client.setClientId("client-id");
    client.setIdentityProviders(getApplicationIdentityProviders(true, "idp-1", "idp-2"));
    IdentityProvider identityProvider = new IdentityProvider();
    identityProvider.setId("idp-1");
    IdentityProvider identityProvider2 = new IdentityProvider();
    identityProvider2.setId("idp-2");
    when(passwordService.checkAccountPasswordExpiry(any(), any(), any())).thenReturn(false);
    when(userAuthenticationService.connect(any(), eq(true))).then(invocation -> {
        io.gravitee.am.identityprovider.api.User idpUser = invocation.getArgument(0);
        User user = new User();
        user.setUsername(idpUser.getUsername());
        return Single.just(user);
    });
    when(identityProviderManager.getIdentityProvider("idp-1")).thenReturn(identityProvider);
    when(identityProviderManager.get("idp-1")).thenReturn(Maybe.just(new AuthenticationProvider() {

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(Authentication authentication) {
            throw new BadCredentialsException();
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(String username) {
            return Maybe.empty();
        }
    }));
    when(identityProviderManager.getIdentityProvider("idp-2")).thenReturn(identityProvider2);
    when(identityProviderManager.get("idp-2")).thenReturn(Maybe.just(new AuthenticationProvider() {

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(Authentication authentication) {
            return Maybe.just(new DefaultUser("username"));
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(String username) {
            return Maybe.empty();
        }
    }));
    TestObserver<User> observer = userAuthenticationManager.authenticate(client, new Authentication() {

        @Override
        public Object getCredentials() {
            return null;
        }

        @Override
        public Object getPrincipal() {
            return "username";
        }

        @Override
        public AuthenticationContext getContext() {
            return null;
        }
    }).test();
    observer.assertNoErrors();
    observer.assertComplete();
    observer.assertValue(user -> user.getUsername().equals("username"));
    verify(eventManager, times(1)).publishEvent(eq(AuthenticationEvent.SUCCESS), any());
}

Also used: DefaultUser (io.gravitee.am.identityprovider.api.DefaultUser), User (io.gravitee.am.model.User), AuthenticationProvider (io.gravitee.am.identityprovider.api.AuthenticationProvider), IdentityProvider (io.gravitee.am.model.IdentityProvider), ApplicationIdentityProvider (io.gravitee.am.model.idp.ApplicationIdentityProvider), Authentication (io.gravitee.am.identityprovider.api.Authentication), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 5 with Authentication

Use of io.gravitee.am.identityprovider.api.Authentication in project gravitee-access-management by gravitee-io.

In class UserAuthenticationManagerTest, method shouldAuthenticateUser_singleIdentityProvider_PasswordExipry.

@Test
public void shouldAuthenticateUser_singleIdentityProvider_PasswordExipry() {
    Client client = new Client();
    client.setClientId("client-id");
    client.setIdentityProviders(getApplicationIdentityProviders(true, "idp-1"));
    IdentityProvider identityProvider = new IdentityProvider();
    identityProvider.setId("idp-1");
    when(identityProviderManager.getIdentityProvider("idp-1")).thenReturn(identityProvider);
    when(passwordService.checkAccountPasswordExpiry(any(), any(), any())).thenReturn(true);
    when(userAuthenticationService.connect(any(), eq(true))).then(invocation -> {
        io.gravitee.am.identityprovider.api.User idpUser = invocation.getArgument(0);
        User user = new User();
        user.setUsername(idpUser.getUsername());
        return Single.just(user);
    });
    when(identityProviderManager.get("idp-1")).thenReturn(Maybe.just(new AuthenticationProvider() {

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(Authentication authentication) {
            return Maybe.just(new DefaultUser("username"));
        }

        @Override
        public Maybe<io.gravitee.am.identityprovider.api.User> loadUserByUsername(String username) {
            return Maybe.empty();
        }
    }));
    TestObserver<User> observer = userAuthenticationManager.authenticate(client, new Authentication() {

        @Override
        public Object getCredentials() {
            return null;
        }

        @Override
        public Object getPrincipal() {
            return "username";
        }

        @Override
        public AuthenticationContext getContext() {
            return null;
        }
    }).test();
    observer.awaitTerminalEvent();
    observer.assertError(AccountPasswordExpiredException.class);
    verify(eventManager, times(1)).publishEvent(eq(AuthenticationEvent.FAILURE), any());
}

Also used: DefaultUser (io.gravitee.am.identityprovider.api.DefaultUser), User (io.gravitee.am.model.User), AuthenticationProvider (io.gravitee.am.identityprovider.api.AuthenticationProvider), IdentityProvider (io.gravitee.am.model.IdentityProvider), ApplicationIdentityProvider (io.gravitee.am.model.idp.ApplicationIdentityProvider), Authentication (io.gravitee.am.identityprovider.api.Authentication), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Aggregations

Authentication (io.gravitee.am.identityprovider.api.Authentication): 21
User (io.gravitee.am.model.User): 16
Client (io.gravitee.am.model.oidc.Client): 14
Test (org.junit.Test): 14
DefaultUser (io.gravitee.am.identityprovider.api.DefaultUser): 13
AuthenticationProvider (io.gravitee.am.identityprovider.api.AuthenticationProvider): 10
IdentityProvider (io.gravitee.am.model.IdentityProvider): 10
ApplicationIdentityProvider (io.gravitee.am.model.idp.ApplicationIdentityProvider): 10
EndUserAuthentication (io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication): 7
SimpleAuthenticationContext (io.gravitee.am.identityprovider.api.SimpleAuthenticationContext): 6
IdentityProviderManager (io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager): 4
Domain (io.gravitee.am.model.Domain): 4
AccountSettings (io.gravitee.am.model.account.AccountSettings): 4
Maybe (io.reactivex.Maybe): 4
Logger (org.slf4j.Logger): 4
LoggerFactory (org.slf4j.LoggerFactory): 4
Parameters (io.gravitee.am.common.oauth2.Parameters): 3
UserAuthenticationService (io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationService): 3
UserService (io.gravitee.am.gateway.handler.common.user.UserService): 3
User (io.gravitee.am.identityprovider.api.User): 3